Listing of the Claims 



1-12. (Cancelled) 

13. (Previously presented) A method comprising: 

receiving from a subscriber on an access network an authentication request, the 
authentication request identifying the subscriber and identifying a designated service provider 
from among a plurality of service providers; 

sending the authentication request to the designated service provider; 

receiving from the designated service provider an authentication response indicating 
successful authentication of the subscriber by the designated service provider, wherein the 
authentication response includes a service qualification that indicates at least one of (i) one or 
more types of services authorized for the subscriber and (ii) one or more extents of service 
authorized for the subscriber, wherein the service qualification specifies one or more types of 
communication and, for each specified type of communication, specifies whether the subscriber 
is allowed to engage in the specified type of communication; 

responsive to the authentication response, assigning the subscriber to operate in a 
designated layer of the access network set aside for subscribers that have been authenticated by 
the designated service provider and to operate according to the service qualification, wherein the 
access network is an IP network and the designated layer is an IP subnet, and wherein assigning 
the subscriber to operate in the designated layer comprises assigning to the subscriber an IP 
address in the IP subnet; and 

serving the subscriber in the designated layer of the access network and pursuant to the 
service qualification indicated in the authentication response, 



wherein serving the subscriber in the designated layer comprises handling 
communications with the subscriber according to a logic set established for the designated layer, 

wherein handling communications with the subscriber according to the logic set 
established for the designated layer comprises (i) detecting a packet bearing the IP address 
assigned to the subscriber, and (ii) responsively applying the logic set to restrict transmission of 
the packet, 

wherein handling communications with the subscriber according to the logic set 
established for the designated layer comprises disallowing at least a predetermined type of 
communication from passing from the subscriber to outside of the access network, and 

wherein serving the subscriber pursuant to the service qualification indicated in the 
authentication response comprises, for each type of communication specified in the service 
qualification, allowing or disallowing the type of communication by the subscriber as specified 
by the service qualification. 

14-16. (Cancelled) 

17. (Previously presented) The method of claim 13, wherein serving the 
subscriber in the designated layer of the access network comprises: 

a gateway on the access network detecting a web page being sent to the subscriber; and 
the gateway modifying the web page to include an advertisement for the designated 
service provider. 

18. (Original) The method of claim 13, further comprising prompting the 
subscriber to provide the authentication request. 



19. (Original) The method of claim 18, wherein prompting the subscriber for the 
authentication request comprises: 

presenting to the subscriber a set of the plurality of service providers; and 
prompting the subscriber to select a service provider from among the plurality presented, 
wherein the subscriber selects the designated service provider from among the plurality. 

20. (Original) The method of claim 13, wherein the access network comprises a 
wireless access network. 

21. (Previously Presented) A method carried out by an access network, the 
method comprising: 

prompting a first client station to select a service provider from among a plurality of 
service providers, and receiving a signal from the first client station, indicating a first selected 
service provider; 

sending a first authentication request message for the first client station to the first 
selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

receiving a first authentication response message from the first selected service provider, 
the first authentication response message indicating that first client station is authenticated by the 
first selected service provider, wherein the first authentication response includes a first service 
qualification that indicates at least one of (i) one or more types of services authorized for the first 
client station and (ii) one or more extents of service authorized for the first client station, 
wherein the first service qualification specifies one or more types of communication and, for 



each specified type of communication, specifies whether the first client station is allowed to 
engage in the specified type of communication; and 

in response to the first authentication response message, restricting the first client station 
to communications in a first logical layer of the access network associated with the first selected 
service provider and according to the first service qualification, 

wherein restricting the first client station to communications in the first logical layer of 
the access network associated with the first selected service provider comprises handling 
communications with the first client station according to a logic set established for the first 
logical layer, 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network, and 

wherein restricting the first client station to communications according to the first service 
qualification comprises, for each type of communication specified in the first service 
qualification, allowing or disallowing the type of communication by the first client station as 
specified by the first service qualification. 

22. (Previously presented) The method of claim 2 1 , further comprising: 

prompting a second client station to select a service provider from among a plurality of 

service providers, and receiving a signal from the second client station, indicating a second 

selected service provider; 

sending a second authentication request message for the second client station to the first 

selected service provider, the second authentication request message indicating authentication 

information for the second client station; 



receiving a second authentication response message from the second selected service 
provider, the second authentication response message indicating that second client station is 
authenticated by the second selected service provider, wherein the second authentication 
response includes a second service qualification that indicates at least one of (i) one or more 
types of services authorized for the second client station and (ii) one or more extents of service 
authorized for the second client station; and 

in response to the second authentication response message, restricting the second client 
station to communications in a second logical layer of the access network associated with the 
second selected service provider and according to the second service qualification. 

23. (Previously Presented) A communication system comprising: 

means for prompting a first client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the first client station, indicating a 
first selected service provider; 

means for sending a first authentication request message for the first client station to the 
first selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

means for receiving a first authentication response message from the first selected service 
provider, the first authentication response message indicating that first client station is 
authenticated by the first selected service provider, wherein the first authentication response 
includes a first service qualification that indicates at least one of (i) one or more types of services 
authorized for the first client station and (ii) one or more extents of service authorized for the 
first client station, wherein the first service qualification specifies one or more types of 



communication and, for each specified type of communication, specifies whether the first client 
station is allowed to engage in the specified type of communication; and 

means for responding to the first authentication response message by restricting the first 
client station to communications in a first logical layer of the access network associated with the 
first selected service provider and according to the first service qualification, 

wherein restricting the first client station to communications in the first logical layer of 
the access network associated with the first selected service provider comprises handling 
communications with the first client station according to a logic set established for the first 
logical layer, and 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network, and 

wherein restricting the first client station to communications according to the first service 
qualification comprises, for each type of communication specified in the first service 
qualification, allowing or disallowing the type of communication by the first client station as 
specified by the first service qualification. 

24. (Previously presented) The communication system of claim 23, further 

comprising: 

means for prompting a second client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the second client station, indicating 
a second selected service provider; 



means for sending a second authentication request message for the second client station 
to the first selected service provider, the second authentication request message indicating 
authentication information for the second client station; 

means for receiving a second authentication response message from the second selected 
service provider, the second authentication response message indicating that second client 
station is authenticated by the second selected service provider, wherein the second 
authentication response includes a second service qualification that indicates at least one of (i) 
one or more types of services authorized for the second client station and (ii) one or more extents 
of service authorized for the second client station; and 

means for responding to the second authentication response message by restricting the 
second client station to communications in a second logical layer of the access network 
associated with the second selected service provider and according to the second service 
qualification. 

25 . (Previously presented) The method of claim 1 3 , further comprising : 

before receiving the authentication response, assigning the subscriber to operate in a 
default layer of the access network; and 

handling communications in the default layer according to a default logic set. 

26-27. (Cancelled) 

28. (Previously presented) The method of claim 13, wherein handling 

communications with the subscriber according to the logic set established for the designated 
layer comprises: 



detecting a web page being sent to an address on the designated layer; and 
injecting into the web page information specific to the designated service provider. 

29. (Previously presented) The method of claim 28, wherein the information 
comprises an advertisement for the designated service provider. 

30. (Previously presented) The method of claim 13, wherein the subscriber 
communicates via an air interface with the access network. 

31. (Previously presented) The method of claim 13, wherein disallowing at 
least the predetermined type of communication from passing from the subscriber to outside of 
the access network comprises disallowing all communications from passing from the subscriber 
to outside of the access network. 

32. (Previously presented) The method of claim 21, wherein 
disallowing at least the predetermined type of communication from passing from the first client 
station to outside of the access network comprises disallowing all communications from passing 
from the first client station to outside of the access network. 

33. (Previously presented) The method of claim 23, wherein 
disallowing at least the predetermined type of communication from passing from the first client 
station to outside of the access network comprises disallowing all communications from passing 
from the first client station to outside of the access network. 



